Description
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5952
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29983
Scores
EPSS
0.0338
EPSS Percentile
87.4%
Details
CWE
CWE-22
Status
published
Products (1)
phpblaster/phpblaster_cms
1.0 rc1
Published
Nov 19, 2008
Tracked Since
Feb 18, 2026